Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization
Large-scale cleanup of 10_Wiki/Topics:
- Removed 227 error-capture / unfinished stub documents
- Merged 43 cross-folder duplicate clusters (63 files → redirect)
- Link name normalization: broken-link fixes, direct redirects, concept mapping, ~2,400 items
- Created 6 new category MOCs
- Removed 10,058 unresolved related-keyword links from Graph sections

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

---
id: wiki-2026-0508-시프트-레프트-shift-left
title: 시프트 레프트 (Shift-Left)
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Shift Left, Shift-Left Testing, Shift-Left Security]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [devops, testing, security, ci-cd]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: agnostic
  framework: ci-cd
---
# Shift-Left (시프트 레프트)
## One-liner
> **"The earlier a defect is found, the lower its cost, and the saving grows exponentially."** Named by Larry Smith in 2001. Moves testing / security / compliance to the left of the SDLC (design / coding). The 2026 modern form: SAST + AI-assisted review (Claude Opus 4.7, GitHub Copilot) inside the IDE, catching defects before commit.
## Key points
### Cost curve (Boehm / NIST)
- design phase: 1x
- implementation: 5x
- testing: 10x
- production: 100x+
### Application areas
- **Testing**: TDD / unit test in pre-commit hook.
- **Security**: SAST (Semgrep, CodeQL), SCA (Dependabot, Snyk), secret scanning (gitleaks).
- **Compliance**: policy as code (OPA / Conftest).
- **Infrastructure**: tfsec, checkov.
- **Quality**: lint / type check at IDE save.
### In practice
1. Pre-commit hooks give feedback within 30 seconds.
2. PR-blocking CI keeps `main` clean.
3. AI review (Claude Code / Copilot) catches defects at the design phase.
## 💻 Patterns
### Pre-commit hook config
```yaml
# .pre-commit-config.yaml
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: trailing-whitespace
      - id: end-of-file-fixer
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.21.0
    hooks: [{ id: gitleaks }]
  - repo: https://github.com/returntocorp/semgrep
    rev: v1.95.0
    hooks: [{ id: semgrep, args: [--config=auto, --error] }]
  - repo: local
    hooks:
      - id: pytest-changed
        name: pytest-changed
        entry: pytest --testmon      # testmon re-runs only tests affected by the change
        language: system
        pass_filenames: false
```
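As an added example (not from the original page, and not gitleaks itself), a minimal `repo: local` hook in Python in the spirit of the `pytest-changed` entry above: it scans only the *added* lines of the staged diff against a handful of secret signatures and exits non-zero to block the commit, so legacy findings never block (the "no baseline" anti-pattern) and feedback stays within seconds. The signature list, `SAMPLE_DIFF` and the file name are constructed assumptions; the `gitleaks:allow` inline marker mirrors gitleaks' own opt-out convention.

```python
"""Staged-diff secret check usable as a `repo: local` pre-commit hook (constructed example, not gitleaks)."""
import re
import subprocess
import sys

# A few low-false-positive signatures; a real scanner such as gitleaks ships hundreds.
SIGNATURES = {
    "aws-access-key-id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "hardcoded-password": re.compile(r"(?i)password\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
ALLOW_MARKER = "gitleaks:allow"  # same inline opt-out convention gitleaks itself honours

def scan_diff(diff_text: str) -> list[tuple[str, int, str]]:
    """Return (path, new-file line number, rule) for every *added* line matching a signature."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            in_hunk = False
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif raw.startswith("@@ "):
            # "@@ -a,b +c,d @@": c is the first new-file line number of this hunk
            line_no, in_hunk = int(re.match(r"@@ -\S+ \+(\d+)", raw).group(1)) - 1, True
        elif not in_hunk or raw.startswith(("-", "\\")):
            continue  # header, removed line or "\ No newline" marker: no new-file line
        else:
            line_no += 1  # context and added lines both advance the new-file counter
            if raw.startswith("+") and ALLOW_MARKER not in raw:
                findings.extend((path, line_no, rule) for rule, pat in SIGNATURES.items()
                                if pat.search(raw[1:]))
    return findings

SAMPLE_DIFF = "\n".join([  # constructed: hard-coded password, AWS doc example key, allow-listed value
    "diff --git a/config.py b/config.py", "--- a/config.py", "+++ b/config.py",
    "@@ -1,3 +1,5 @@", " import os", '-DB_PASSWORD = os.environ["DB_PASSWORD"]',
    '+DB_PASSWORD = "hunter2hunter2"', '+AWS_KEY = "AKIA' + "IOSFODNN7EXAMPLE" + '"',
    '+TEST_KEY = "AKIA' + "A" * 16 + '"  # gitleaks:allow', " TIMEOUT = 30",
])

def main() -> int:
    """Hook entry point: exit 1 (block the commit) when the staged diff has a finding."""
    findings = scan_diff(subprocess.run(["git", "diff", "--cached"], capture_output=True, text=True, check=True).stdout)
    for path, line, rule in findings:
        print(f"{path}:{line}: possible secret ({rule}); commit blocked", file=sys.stderr)
    return 1 if findings else 0

if __name__ == "__main__":
    sys.exit(main())
```

Register it like the `pytest-changed` hook: `entry: python secret_check.py` (assumed file name), `language: system`, `pass_filenames: false`.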
### GitHub Actions: shift-left CI
```yaml
on: [pull_request]
permissions:
  contents: read
  security-events: write   # required for codeql-action/analyze to upload results
jobs:
  shift-left:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }   # full history so gitleaks can scan every commit
      - uses: github/codeql-action/init@v3
        with: { languages: python }
      - uses: github/codeql-action/analyze@v3
      - uses: aquasecurity/tfsec-action@v1
      - run: npx snyk test --severity-threshold=high
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}   # snyk CLI auth; the secret name is an assumption
      - run: gitleaks detect --source . --redact   # gitleaks binary must already be on the runner
```
### Policy as code (OPA / Rego)
```rego
# Input is the plan JSON (`terraform show -json plan.out`), e.g. via `conftest test --namespace terraform.s3`.
package terraform.s3

deny[msg] {
  resource := input.resource_changes[_]
  resource.type == "aws_s3_bucket"
  # Checks the inline SSE block only; with AWS provider >= 4 encryption lives in a separate
  # aws_s3_bucket_server_side_encryption_configuration resource, which this rule does not consider.
  not resource.change.after.server_side_encryption_configuration
  msg := sprintf("S3 bucket %v: encryption not configured", [resource.name])
}
```
### IDE-time SAST (VS Code Semgrep)
```json
{
  "semgrep.scan.configuration": ["auto", "p/owasp-top-ten"],
  "semgrep.scan.onSave": true,
  "editor.codeActionsOnSave": { "source.fixAll": "explicit" }
}
```
### AI design review (Claude Opus 4.7)
```bash
claude review --pre-commit \
  --rules "OWASP Top 10, race conditions, error handling" \
  $(git diff --cached --name-only)
```
## Decision criteria
| Situation | Approach |
|---|---|
| Prevent secret leaks | gitleaks pre-commit + GitHub secret scanning |
| Dependency vulnerability | Dependabot + Snyk in PR |
| IaC misconfiguration | tfsec + OPA |
| Logic bug | TDD + property-based tests |
| Design flaw | AI-assisted review (Claude / Copilot) |
**Default**: pre-commit (lint + secret) + PR-CI (SAST + SCA + tests).
## 🔗 Graph
- Parent: [[CI_CD 파이프라인 및 IDE 통합 보안|DevSecOps]]
- Applied: [[SAST]] · [[SCA_Fundamentals|SCA]]
- Adjacent: [[TDD]] · [[Supply Chain Security]]
## 🤖 LLM usage
**When**: first-pass PR review / security policy generation / test case generation.
**When not**: final security sign-off, which requires a human security engineer.
## ❌ Anti-patterns
- **Shift-left without budget**: pushing the responsibility onto developers alone.
- **Tool spam**: 30 different scanners; the noise gets ignored.
- **Block on everything**: false positives erode trust.
- **No baseline**: blocking on every finding in legacy code.
## 🧪 Verification / duplicates
- Verified (Smith 2001 *Shift-Left Testing*, Forrester *State of Application Security 2025*, OWASP DevSecOps Guideline).
- Trust level A.
## 🕓 Changelog
| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: added pre-commit, OPA, AI review patterns |